We collect only the data necessary to operate the Service: session metadata, source IP for abuse-prevention, and aggregated transport metrics. No payload content is logged or retained.
The Service sets one session cookie (auth_token) and one anti-CSRF token (csrf). Both are short-lived and rotated on reconnect.
Operational logs are retained for 14 days, then anonymised and discarded.
The Service relies on CDN providers for edge delivery. These providers may receive request metadata under their own privacy policies.
Privacy enquiries: privacy@streaming-api.example